NDG does not discover network ports


Article ID: 128551






When running a Network Discovery Gateway (NDG) scan on Linux or Unix machines, the network ports are not discovered.


When NDG runs netstat -atupn, the output contains additional, unexpected text that cannot be parsed, and the remainder of the data is not captured. To confirm, run the NDG scan with detail logging enabled on the profile; the CCA UI Log tab will show the data. You can also run netstat -atupn on the target machine, where you will see output similar to:
Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.
That message is not part of the standard netstat output, so NDG is unable to parse the expected netstat return data.
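The failure mode described above, shown as an added example (this is not NDG's parser or code from this article): a tolerant parse of netstat -atupn output that skips the non-root notice instead of aborting, and reports which sockets came back without owning-process information. The sample output is constructed, and the names parse_netstat and unattributed_listeners are hypothetical.

```python
import re

# Constructed sample of `netstat -atupn` output from a non-root run (not from a real host).
SAMPLE = """\
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2211/java
tcp6       0      0 :::443                  :::*                    LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
udp        0      0 127.0.0.1:323           0.0.0.0:*                           2300/chronyd
"""

# A socket row: protocol, two queue counters, local address, foreign address, then the rest.
ROW = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_netstat(text):
    """Return (rows, warned). Lines that are not socket rows are skipped, not fatal."""
    rows, warned = [], False
    for line in text.splitlines():
        if "Not all processes" in line or "you would have to be root" in line:
            warned = True  # the notice netstat emits when it is not run as root
            continue
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, column header or blank line
        proto, local, _foreign, rest = m.groups()
        parts = rest.split(None, 1)
        # UDP rows usually have an empty State column; states are upper-case words.
        state = parts[0] if parts and re.fullmatch(r"[A-Z_0-9]+", parts[0]) else ""
        if state:
            owner = parts[1] if len(parts) > 1 else ""
        else:
            owner = rest
        addr, _, port = local.rpartition(":")
        rows.append({"proto": proto, "addr": addr, "state": state,
                     "port": int(port) if port.isdigit() else None,
                     "process": None if owner.strip() in ("", "-") else owner.strip()})
    return rows, warned

def unattributed_listeners(rows):
    """Listening TCP sockets and UDP sockets whose PID/Program name was withheld."""
    return [(r["proto"], r["port"]) for r in rows if r["process"] is None
            and (r["state"] == "LISTEN" or r["proto"].startswith("udp"))]
```

A True value for warned together with a non-empty unattributed_listeners result indicates the scan account could not see process ownership for those ports.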


Component: CAACM


There are two options for resolving this issue:
  1. Run the scans as root or a root-like user
  2. Set the setuid permission on netstat: chmod u+s /usr/bin/netstat or chmod u+s /bin/netstat

Additional Information

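Discuss the options with your Security Team before making any permission changes to executables. The setuid bit set by chmod u+s makes netstat run with the privileges of the file's owner (normally root) for every user allowed to execute it.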